Encryption Must Not Be Compromised by Backdoors-Redux

An opinion piece by former Hillary Clinton campaign manager, Robby Mooks, appeared recently in The Guardian and opines about keeping private communications secure by not weakening encryption by allowing backdoors. This is a subject that has been covered by ProPrivacy.com on many occasions.

But Mooks has made some comments which are worth repeating even if it gets tiring to hear the argument. To refresh your memory: The Democratic National Committee (DNC), and probably the Clinton campaign apparatus as well, was hacked back in the spring of 2016. We now know that is was most likely the Russians behind the hacks. The result: reams of “fake news” about the candidate and the Democrat Party were spread.

According to Mooks, besides having to scramble to contain the damage, it also impressed upon him the need for a better way to secure their communication i.e., encryption. In this regard, he personally was late to the party, since the encryption versus allowing some selected entities such law enforcement debate has been well underway for at least couple of years. Perhaps unbeknownst to him his candidate, they were sending and receiving unsecured and unencrypted government communications on a personal server.

Be that as it may, Mook’s premise that the calls by some folks to have ways around encryption "(backdoors") are specious and short-sighted, is spot on. It should be noted here that this debate came to a head at around the same time the DNC was hacked. It was in the following month, the heinous San Bernardino shootings took place, and in its aftermath, the battle between the FBI and Apple over an iPhone that couldn’t be unlocked because of strong encryption.

Since then, the clarion call for backdoors has been voiced by many in law enforcement, politicians, and pundits. Among those leading the charge was Deputy Attorney General Rod Rosenstein, FBI Director Christopher Wray, and Amber Rudd, the UK Home Secretary. They cited encryption as “problematic” and “a major public safety issue,” and said that there is room for “responsible encryption.” But as Mooks reminds us, while this all sounds well and good, "the devil is in the details" - as is often the case with these political hot-potatoes.

There’s no denying that criminals and terrorists are using heretofore unbreakable encryption with impunity to enrich themselves and sow the seeds of violence. And it would seem logical that the technology which created such secure encryption could surely devise some limited way - some magic keys - to selectively “unlock” specific devices in certain instances. If only so easy to have it both ways- security and yet access, too. For whatever “keys” are accessible to the good guys, would undoubtedly be accessible to the bad guys. Real encryption works exactly because it is impenetrable.

Then there is another matter to consider - malicious repressive state actors. Think Russia, China, or Iran. In those nations, good encryption is the only thing which keeps a communicative citizenry out of jail - or worse. The effect on dissidents could be devastating, and any dim hope for democracy would be dashed. And the problem would only be exacerbated in countries racing ahead in technology with AIs, as China is doing. Don’t you think it is possible that intelligent robots could more easily exploit a backdoor’s weakness?

While Mooks is probably correct in saying that encryption backdoors are unworkable, he posits an alternative thesis which is just as unworkable. In this day and age, the genie is already out of the lamp - encryption is aiding and abetting the bad guys and thwarting the good guys. He posits that there are other means of obtaining information from companies, by employing approved warrants requesting such information. Information might include the size or frequency of data exchanged between the accounts, the location of active parties, and the devices being used.

The problem is that even with the technology law enforcement possesses along these lines- think Stingrays, GPS location identifiers, and the like- the bad guys are always a step ahead. He opines that what law enforcement needs is information. But the information it needs can only be truly obtained through better technology. In this regard it needs help.

This long-running and wide-ranging debate needs fresh ideas, not the tired years-old arguments Mooks presents- in my humble opinion. Moreover, in the context of security and communications, his opinions about keeping private communications secure borders on the hypocritical.